<?php
		
	/* SVN FILE: $Id: uploads.php 8 2011-03-13 08:32:38Z michele.andreoletti@gmail.com $ */
	
	/**
	 * Project Name : arcadia
	 *
	 * @author $Author: michele.andreoletti@gmail.com $
	 * @version $Revision: 8 $
	 * @lastrevision $Date: 2011-03-13 08:32:38 +0000 (Sun, 13 Mar 2011) $
	 * @filesource $URL: http://arcadia.googlecode.com/svn/trunk/include/uploads.php $
	 */
	
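	date_default_timezone_set('Europe/Rome');

	// $sAPP names the application directory whose include files are loaded
	// below, so it has to be a single directory name. The allow-list rejects
	// path separators, a leading dot (hence ".."), NUL bytes and quote
	// characters before the value is interpolated into require_once paths.
	// NOTE(review): assumes application directories only use these characters;
	// widen the pattern if an existing application name does not match.
	$bAppValid = isset($_POST['sAPP'])
		&& is_string($_POST['sAPP'])
		&& !empty($_POST['sAPP'])
		&& preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/', $_POST['sAPP']) === 1;

	if ($bAppValid) {
		$sAPP = $_POST['sAPP'];

	} else {
		// No usable application: fall back to the shared includes so the
		// failure can still be logged, then stop.
		require_once "./const.inc.php";
		require_once "./functions.php";
		// require_once "./auth.inc.php";
		require_once "./conn.inc.php";

		// A rejected value is logged separately from a missing one so that
		// tampering attempts can be told apart; the raw value is not logged.
		$sLogMsg = empty($_POST['sAPP']) ? 'APP NOT DEFINED' : 'APP NOT VALID';
		fnUpdateLog($sLogMsg, 0, '', 'E');
		echo 'app-not-defined';
		die();

	}

	// Application-specific constants and helpers, then the shared connection.
	require_once "../$sAPP/include/const.inc.php";
	require_once "../$sAPP/include/functions.php";
	// require_once "./auth.inc.php";
	require_once "./conn.inc.php";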

	// Presumably copies the listed POST fields into variables of the same
	// name ($iView, $sViewItemLink, ... are used below without any other
	// assignment in this script) - confirm against fnGetValueFromPOST.
	fnGetValueFromPOST(array('iView', 'sViewItemLink', 'sAPP', 'iAccessLvl', 'sUsername'));
		
	// $sViewSelectFrom, $iTabUploads, $aTABLE and $aTABLE_SECURITY_CHECK are
	// not assigned in this script; presumably this call or the included
	// const files define them - TODO confirm.
	fnViewConst($sViewItemLink);
		
	// $sScript is not read again in this script.
	$sScript = fnCurrentScript();
	
	// NOTE(review): if $iAccessLvl and $sUsername do come from POST, this
	// branch takes the caller's own statement of its access level and user
	// name: the value feeds the permission check below and the user name is
	// what fnUpdateLog records. The auth include is commented out above, so no
	// server-side authentication is visible on this path. Deriving both values
	// from server-side state (a session or a signed, expiring upload token)
	// would close this; confirm how the uploadify client is expected to
	// authenticate before changing it.
	if (isset($iAccessLvl) && isset($sUsername)) {
		fnSaveSessionValue($sUsername, 'sUsername'); // Workaround: gives fnUpdateLog all the information it needs when uploadify is used
	
	} else {
		if (!isset($_SESSION)) { session_start(); }
		$iAccessLvl = fnViewAccessLvl($iView, $aTABLE, $aTABLE_SECURITY_CHECK); // Workaround for the plain form used when uploadify does not work
	
	}
	
	// Access level that applies to the uploads tab of this view.
	$iFieldAccessLvl = fnFieldAccessLvl($iAccessLvl, $sViewItemLink, $iTabUploads);
	
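	// Work on a local copy so a request without a 'Filedata' part does not
	// raise undefined-index notices further down.
	$aUpload = (isset($_FILES['Filedata']) && is_array($_FILES['Filedata'])) ? $_FILES['Filedata'] : array();

	// Accept only a non-empty file that PHP itself received over HTTP POST.
	$bUploaded = !empty($aUpload['tmp_name'])
		&& !empty($aUpload['size'])
		&& is_string($aUpload['tmp_name'])
		&& is_uploaded_file($aUpload['tmp_name']);

	if ($bUploaded) {

		if (!is_allowed('edit', $iFieldAccessLvl)) {
			fnUpdateLog("LOW RIGTHS", $iView, $sViewSelectFrom, 'S');
			$sMsg = "low-rights";

		} else {
			$name = isset($aUpload['name']) ? $aUpload['name'] : '';
			$size = (int) $aUpload['size'];
			$tmp_name = $aUpload['tmp_name'];

			$binData = file_get_contents($tmp_name);

			if ($binData === false) {
				// The temporary file could not be read; nothing is stored.
				fnUpdateLog("UPLOAD ERROR [read failed]", $iView, $sViewSelectFrom, 'E');
				$sMsg = "upload-error";

			} else {
				// NOTE(review): the name is escaped twice (addslashes, then
				// mysql_real_escape_string), so a quote in a file name is stored
				// with a literal backslash. Kept as-is because readers of
				// `uploads`.`sName` may rely on it - confirm before changing.
				if(!get_magic_quotes_gpc()) { $name = addslashes($name); }
				$name = mysql_real_escape_string($name);

				// Every value interpolated into the statements is escaped with the
				// connection-aware function. The MIME type and file name are
				// supplied by the client, and the application and view values are
				// request-derived, so none of them may reach the SQL text raw.
				// addslashes() is not charset-aware, hence its replacement for the
				// binary payload; the bytes stored are the same.
				$sAppSql = mysql_real_escape_string($sAPP);
				$sSelectFromSql = mysql_real_escape_string($sViewSelectFrom);
				$sViewSql = mysql_real_escape_string($iView);
				$sTypeSql = mysql_real_escape_string(isset($aUpload['type']) ? $aUpload['type'] : '');
				$sBinSql = mysql_real_escape_string($binData);

				// `sType` is the browser-declared type and is not verified here;
				// code that serves the file back should not treat it as trusted.
				$sQuery = "INSERT INTO `uploads` (`sApp`, `sSelectFrom`, `iView`, `sName`, `sType`, `iSize`, `sDescription`)
					VALUES ('$sAppSql', '$sSelectFromSql', '$sViewSql', '$name', '$sTypeSql', '$size', '')";
				custom_mysql_query($sQuery);
				$iUpload = (int) mysql_insert_id($rConn);
				$sQuery = "INSERT INTO `uploads_bin` (`iUpload`, `binData`) VALUES ('$iUpload', '$sBinSql')";
				custom_mysql_query($sQuery);

				fnUpdateLog("FILE ADDED [".$name."]", $iView, $sViewSelectFrom, 'I');
				$sMsg = "file-added";
			}
		}

	} else {
		// PHP's upload error code, when the request carried a file part at all.
		$sUploadError = (isset($aUpload['error']) && is_scalar($aUpload['error'])) ? $aUpload['error'] : '';
		fnUpdateLog("UPLOAD ERROR [".$sUploadError."]", $iView, $sViewSelectFrom, 'E');
		$sMsg = "upload-error";

	}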
	
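	// $sRedirect is not assigned anywhere in this script; !empty() keeps the
	// original truthiness test without a notice when it is undefined.
	if (!empty($sRedirect)) {
		// $sRedirect is true when a plain form is used instead of uploadify.
		// The query string is built with http_build_query so request-derived
		// values are URL-encoded and cannot add or alter parameters.
		$sQueryString = http_build_query(
			array('iView' => (string) $iView, 'iTab' => (string) $iTabUploads, 'sMsg' => $sMsg),
			'',
			'&'
		);
		// NOTE(review): $sViewItemLink appears to come from the request and is
		// used as a path segment unchanged; checking it against the known view
		// scripts would keep the redirect target fixed - confirm the valid set.
		$sRedirect = "../$sAPP/$sViewItemLink?" . $sQueryString;
		header("Location: $sRedirect");
		// Stop here so nothing else runs or is emitted after the redirect.
		exit;
	} else {
		// uploadify reads the status keyword from the response body.
		echo $sMsg;
	}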
	
?>